Location: majic-ansible-roles/testsite/playbooks/tls.yml - annotation
MAR-218: Upgrade test site for Ansible 10.x and fix linting errors:
- Disable name checks when importing playbooks into top-level playbook
to avoid naming duplication.
- Disable name checks when importing playbooks into top-level playbook
to avoid naming duplication.
---
# Test-site PKI bootstrap: creates a self-signed CA and then one private key
# plus one CA-signed certificate for every (hostname, service) pair listed in
# host_tls_info. Every artefact is addressed through the relative path
# ../tls/.
#
# Notes for maintainers:
# - No passphrase option is passed to certtool, so the CA key and host keys
#   are presumably stored unencrypted. NOTE(review): confirm ../tls/ stays
#   out of version control and is readable only by the operator.
# - Only the certificate templates receive an explicit mode. Permissions of
#   the generated *.key files are left to certtool and the umask -- verify.
# - Each certtool step is guarded by `creates`, so an existing key or
#   certificate is never regenerated. Changing a template or replacing the
#   CA only takes effect after the affected files are removed.

- name: Generate TLS private keys and certificates
  hosts: preseed
  vars:
    # One entry per certificate. hostname and service build the file name
    # stem "<hostname>.<testsite_domain>_<service>". name and extra_dns_names
    # are not referenced by the tasks below (presumably consumed by the
    # certificate template -- confirm).
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
        # NOTE(review): nesting was lost in the rendered listing. This key is
        # assumed to belong to the xmpp entry -- confirm against the repo.
        extra_dns_names:
          - "{{ testsite_domain }}"
  tasks:
    # Renders one certtool template per entry. Unlike the certtool steps this
    # task has no `creates` guard, so it re-renders on every run.
    - name: Create GnuTLS certificate templates for all hosts
      ansible.builtin.template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        mode: "0640"
      loop: "{{ host_tls_info }}"

    # The CA key is generated with the "high" security parameter; the host
    # keys further down use "normal".
    - name: Create the CA key
      ansible.builtin.command:
        cmd: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
        creates: ../tls/ca.key

    # ../tls/ca.cfg is not produced by any task in this play, so it has to
    # exist before the play runs.
    - name: Create the CA certificate
      ansible.builtin.command:
        cmd: >-
          certtool --template ../tls/ca.cfg --generate-self-signed
          --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
        creates: ../tls/ca.pem

    - name: Create private keys for all hosts
      ansible.builtin.command:
        cmd: |
          certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      loop: "{{ host_tls_info }}"

    # The shell module is used here because of the "sleep 1 &&" prefix
    # (presumably to keep consecutively issued certificates from sharing a
    # time-derived value such as the serial number -- confirm).
    # The templated values are interpolated into a shell command line. The
    # surrounding double quotes do not neutralise "$" or backticks, so
    # hostname, service and testsite_domain must stay operator-controlled
    # values, or be passed through the `quote` filter.
    - name: Issue certificates for all hosts
      ansible.builtin.shell:
        cmd: >-
          sleep 1 && certtool --generate-certificate
          --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
          --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
          --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
          --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      loop: "{{ host_tls_info }}"